Update deploy_release.yml #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release TestFlight WorkFlow | ||
| PRO: | ||
|
Check failure on line 3 in .github/workflows/deploy_release.yml
|
||
| PROJECT: 'PickleApp' | ||
| on: | ||
| push: | ||
| branches: [ "release/*" ] | ||
| pull_request: | ||
| branches: [ "release/*" ] | ||
| jobs: | ||
| deploy: | ||
| name: build & test & TestFilght Upload | ||
| runs-on: macos-latest | ||
| strategy: | ||
| matrix: | ||
| xcode: ["15.3.0"] | ||
| env: | ||
| # app archive 및 export 에 쓰일 환경 변수 설정 | ||
| XC_WORKSPACE: ${{ PRO.PROJECT }}.xcworkspace | ||
| XC_SCHEME: ${{ 'Pickle-release' }} | ||
| XC_ARCHIVE: ${{ 'Pickle-release.xcarchive' }} | ||
| # certificate | ||
| ENCRYPTED_CERT_FILE_PATH: ${{ '.github/workflows/secrets/certification.p12.gpg' }} | ||
| DECRYPTED_CERT_FILE_PATH: ${{ '.github/workflows/secrets/certification.p12' }} | ||
| CERT_ENCRYPTION_KEY: ${{ secrets.CERT_ENCRYPTION_PASSWORD }} # gpg로 파일 암호화할 때 사용한 암호 | ||
| # provisioning | ||
| ENCRYPTED_PROVISION_FILE_PATH: ${{ '.github/workflows/secrets/release_realDoPizza.mobileprovision.gpg' }} | ||
| DECRYPTED_PROVISION_FILE_PATH: ${{ '.github/workflows/secrets/release_realDoPizza.mobileprovision' }} | ||
| PROVISIONING_ENCRYPTION_KEY: ${{ secrets.PROVISION_ENCRYTION_PASSWORD }} # gpg로 파일 암호화할 때 사용한 암호 | ||
| # AppStore privateKey Path | ||
| ENCRYPTED_APPSTORE_PRIVATE_KEY_PATH: ${{ '.github/workflows/secrets/AuthKey_2YZNHX4282.p8.gpg' }} | ||
| DECRYPTED_APPSTORE_PRIVATE_KEY_PATH: ${{ '.github/workflows/secrets/AuthKey_2YZNHX4282.p8' }} | ||
| # certification export key | ||
| CERT_EXPORT_KEY: ${{ secrets.CERT_EXPORT_PASSWORD }} | ||
| CERT_PASSWORD_KEY: ${{ secrets.APPSTORE_KEY_PASSWORD }} | ||
| KEYCHAIN: ${{ 'test.keychain' }} | ||
| # Step은 job의 일부로 실행될 일련의 task들을 나타냄 | ||
| steps: | ||
| # 단계별 task 를 나타낼 이름 | ||
| - name: Xcode Version Select | ||
| # shell 이용해서 하나의 command 수행 | ||
| uses: maxim-lobanov/setup-xcode@v1 | ||
| with: | ||
| xcode-version: ${{ matrix.xcode }} | ||
| - name: Select latest Xcode | ||
| run: "sudo xcode-select -s /Applications/Xcode.app" | ||
| - name: Checkout project | ||
| # uses 키워드를 통해 Github Actions에서 기본으로 제공하는 액션을 사용 가능. 아래 액션은 repository 에 체크아웃하는 것 | ||
| uses: actions/checkout@v2 | ||
| - name: Configure Keychain | ||
| # 키체인 초기화 - 임시 키체인 생성 | ||
| run: | | ||
| security create-keychain -p "" "$KEYCHAIN" | ||
| security list-keychains -s "$KEYCHAIN" | ||
| security default-keychain -s "$KEYCHAIN" | ||
| security unlock-keychain -p "" "$KEYCHAIN" | ||
| security set-keychain-settings | ||
| - name : Configure Code Signing | ||
| run: | | ||
| # certificate 복호화 | ||
| gpg -d -o "$DECRYPTED_CERT_FILE_PATH" --pinentry-mode=loopback --passphrase "$CERT_ENCRYPTION_KEY" "$ENCRYPTED_CERT_FILE_PATH" | ||
| # provisioning 복호화 | ||
| gpg -d -o "$DECRYPTED_PROVISION_FILE_PATH" --pinentry-mode=loopback --passphrase "$PROVISIONING_ENCRYPTION_KEY" "$ENCRYPTED_PROVISION_FILE_PATH" | ||
| # security를 사용하여 인증서와 개인 키를 새로 만든 키 체인으로 가져옴 | ||
| security import "$DECRYPTED_CERT_FILE_PATH" -k "$KEYCHAIN" -P "$CERT_EXPORT_KEY" -A | ||
| security set-key-partition-list -S apple-tool:,apple: -s -k "" "$KEYCHAIN" | ||
| # Xcode에서 찾을 수 있는 프로비저닝 프로필 설치하기 위해 프로비저닝 디렉토리를 생성 | ||
| mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles" | ||
| # 디버깅 용 echo 명령어 | ||
| echo `ls .github/workflows/secrets/*.mobileprovision` | ||
| # 모든 프로비저닝 프로파일을 rename 하고 위에서 만든 디렉토리로 복사하는 과정 | ||
| for PROVISION in `ls .github/workflows/secrets/*.mobileprovision` | ||
| do | ||
| UUID=`/usr/libexec/PlistBuddy -c 'Print :UUID' /dev/stdin <<< $(security cms -D -i ./$PROVISION)` | ||
| cp "./$PROVISION" "$HOME/Library/MobileDevice/Provisioning Profiles/$UUID.mobileprovision" | ||
| done | ||
| - name: Archive app | ||
| # 빌드 및 아카이브 | ||
| run: | | ||
| xcodebuild clean archive -project $XC_WORKSPACE -scheme $XC_SCHEME -configuration release -archivePath $XC_ARCHIVE | ||
| - name: Export app | ||
| # export 를 통해 ipa 파일 만듦 | ||
| run: | | ||
| xcodebuild -exportArchive -archivePath $XC_ARCHIVE -exportOptionsPlist ExportOptions.plist -exportPath . -allowProvisioningUpdates | ||
| - name: Install private API key P8 | ||
| run: | | ||
| gpg -d -o "$DECRYPTED_APPSTORE_PRIVATE_KEY_PATH" --pinentry-mode=loopback --passphrase "$CERT_PASSWORD_KEY" "$ENCRYPTED_APPSTORE_PRIVATE_KEY_PATH" | ||
| mkdir -p ~/private_keys | ||
| cp $DECRYPTED_APPSTORE_PRIVATE_KEY_PATH ~/private_keys | ||
| - name: Upload app to AppStore | ||
| env: | ||
| API_KEY: ${{ secrets.APPSTORE_API_KEY_ID }} | ||
| API_ISSUER : ${{ secrets.APPSTORE_ISSUER_ID }} | ||
| run: xcrun altool --output-format xml --upload-app -f Pickle-release.ipa -t ios --apiKey $API_KEY --apiIssuer $API_ISSUER | ||
| # - name: Upload app to TestFlight | ||
| # uses: apple-actions/upload-testflight-build@v1 | ||
| # with: | ||
| # app-path: 'Pickle-release.ipa' | ||
| # issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} | ||
| # api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} | ||
| # api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} | ||
